The safer you feel, the more vulnerable you are
Our colleague, Alex Balan recently gave an interview to PC Mag on Internet Security and the dangers we face online every day. Alex works at BullGuard as Head of Product Management and has over fourteen years of experience in various roles within IT security. What follows is an edited version of the PC Mag interview.
Q: What is your role in computer security?
A: Computer security is both my hobby and my profession and because of this, my job provides a very interesting perspective. Normally, Product Management is business oriented, focused towards profitability and analyzing cost-benefits. But that said having a deep understanding about the core requirements for a security product is invaluable. It can help inform product development and bring that product to the top of the market.
Q: Is using a smartphone more risky than using a computer?
A: You have to worry when you use both devices. At present, there’s explosive growth within mobile malware. We’re seeing growth rates of six thousand per cent a year. It’s staggering. We’ve moved from a few hundred malware types to tens of thousands, within a relatively short time. That said, the growth on Windows platforms is not as huge as it was, it’s dropped back to normal levels now.
Q: Does the growth of malware reflect an increasing need for security?
A: Yes. The truth is that you have to be wary on any platform. Today, the trend is for simultaneous attacks against multiple systems. We call this a cross-platform attack. This year we’ve seen simultaneous malware attacks on Windows , Android and MacOS. "
Q: Are computer users aware of the dangers presented by mobile malware?
A: Many people have a false sense of security and don’t buy protection for their Android device. It is reminiscent of the nineties when the first serious viruses for PCs appeared. Practically nobody bought protection because everybody thought they’d never be infected. But malware exploded and today people can’t imagine using an unprotected computer.”
Q: What’s behind the explosive growth in malware and just how dangerous is it?
A: With iOS for the iPhone you have a slightly more secure platform than others. But I can’t say the same for MacOS. The new Gatekeeper security can be switched off by a bit of clever social engineering. You just need to tell users that something needs to be switched off to install software and they’ll do it. Apple users still have an advantage in that they are in the minority so malware writers often don’t bother with them. They don’t create malware as a hobby, it’s a business. People with money control the business and they control the technical people. They seek a market and want to recover their investment so they go for the largest potential return-on-investment.
Q: Do you have any examples of recent malware attacks?
A: The cross-platform attacks that we are currently seeing are driven by this approach. I recently saw a botnet that runs on all platforms. Someone who visits a web page with a certain script automatically received unwanted code for their phone, even when visiting with an Android or Mac. This shows again that the more you feel secure, the more vulnerable you are. "
Q: What would you advise when it comes to online security?
A: If you’re uncertain about online security measure the costs against the benefits. What would you have to lose and how much would it cost you? The question is not whether you have to pay, but what is the best security within your budget? That does not necessarily mean a paid solution. I have seen paid solutions that perform worse than free equivalents. Base your choice on independent reviews and tests. On this basis you can select the best possible protection that you can afford.
Q: How do you estimate the value of a security product?
A: For users, it is very difficult to estimate the value of security. Sometimes you might have misplaced confidence in a security product. A friend, who is not very familiar with computers, told me that his security solution was very good because there was malware found in a full system scan. I tried to explain that with a good security product there shouldn’t be any malware in the first place. The security solution is supposed to stop it getting onto the computer.
Q: So if you don’t find malware that means you don’t need to review your security product?
A: The measure you should use about a security product is how it protects the system without burdening the system. For example, nothing unwanted should happen on the computer. People should have security that protects at all levels and doesn’t interfere with daily computer usage. At BullGuard we try to be subtle by occasionally sending a report. We look for the right balance. We want to show that we are doing something without disturbing the interaction between user and computer.
Q: Cyber espionage and hacking of large companies dominates the news, but are ordinary people just as vulnerable?
A: Probably the financial blow to a company is bigger, but the impact is greater for individuals. Cyber criminals loot individuals’ bank accounts and sell on their private information, because they can earn a lot of money. Malware is designed to extract this information and malware creation is a billion dollar industry illustrating just how money can be made by preying on individuals. We should do what all good security people do; be mindful about future attacks and ensure that we’re protected when they happen. With thanks to Merijn Gelens, editor-in-chief of PC Magazine and writer of the article.